8ea9ef234a
- Update to 1.6.5 (fixes CVE-2025-61920, bsc#1251921) * RFC7591 generate_client_info and generate_client_secret take a request parameter. * Add size limitation when decode JWS/JWE to prevent DoS. * Add size limitation for DEF JWE zip algorithm. - Update to 1.6.4 * fix(jose): prevent public/unprotected header overwriting protected header by @lepture in #809 * Fix InsecureTransportError raising by @azmeuk in #810 * Add conventional-commits pre-commit hook by @azmeuk in #811 * Fix response_mode=form_post with Starlette client by @azmeuk in #812 * Specify README.md as project long description by @EpicWink in #817 * Migrate tests to pytest paradigm by @azmeuk in #813 * jose/jws: Reject unprotected ‘crit’ and enforce type; add tests by @AL-Cybision in #823 * Use explicit *.test urls in unit tests by @azmeuk in #824 - Update to 1.6.3 * Add diff-cover check in GHA by @azmeuk in #803 * Run GHA unit tests with uv by @azmeuk in #805 * Move from pre-commit to prek by @azmeuk in #804 * Sign OIDC id_token according to id_token_signed_response_alg client metadata by @azmeuk in #802 - Update to 1.6.2 * Allow insecure transport for 127.0.0.1 for debugging by @geigerzaehler in #788 * Raise a MissingCodeError when code parameter is missing by @lepture in #786 * Temporarily restore OAuth2Request body parameter by @azmeuk in #791 * Raise MissingCodeException when code parameter is missing by @lepture in #794 * Fix id_token generation with EdDSA alg by @azmeuk in #800 - Update test requirements
Markéta Machová2025-10-13 10:51:43 +00:00
d4ea5e7d5a
- Update to 1.6.1 * Filter key set with additional "alg" and "use" parameters. - Fix bogus version number in previous changelog entry - Rename README.rst to README.md in %files section
Nico Krapp2025-08-11 12:30:53 +00:00
4097c75932
Accepting request 1282354 from devel:languages:python
Ana Guerrero2025-06-03 15:57:40 +00:00
3a84d72971
- Update to 1.6.2 * Fix issue when RFC9207 is enabled and the authorization endpoint response is not a redirection. pull request #733 * Fix missing state parameter in authorization error responses. issue #525 * Support for acr and amr claims in id_token. issue #734 * Support for the none JWS algorithm. * Fix response_types strict order during dynamic client registration. issue #760 * Implement RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR). issue #723 * OIDC UserInfo endpoint support. issue #459 - Drop 767-skip-xc20p-tests.patch, merged upstream
Nico Krapp2025-06-03 13:47:52 +00:00
4fc115cef4
Accepting request 1255455 from devel:languages:python
Ana Guerrero2025-03-24 12:31:55 +00:00
5b44752bbc
- update to 1.5.1: * Fix RFC9207 iss parameter. * Fix token introspection auth method for clients. * Optional typ claim in JWT tokens. * JWT validation leeway. * Implement server-side :rfc:RFC9207 <9207>. * generate_id_token can take a kid parameter. * More detailed InvalidClientError. * OpenID Connect Dynamic Client Registration implementation.
Dirk Mueller2025-03-23 21:42:41 +00:00
10fbcc3490
Accepting request 1244113 from devel:languages:python
Ana Guerrero2025-02-07 22:07:01 +00:00
4d5725d65e
- Update to 1.4.1 * Improve garbage collection on OAuth clients. (#698) * Fix client parameters for httpx. (#694)
Markéta Machová2025-02-07 10:41:08 +00:00
e3b8113fe1
Accepting request 1240304 from devel:languages:python
Ana Guerrero2025-01-27 19:52:26 +00:00
5c35145c53
- Update to 1.4.0 * Fix id_token decoding when kid is null. :pr:659 * Support for Python 3.13. :pr:682 * Force login if the prompt parameter value is login. :pr:637 * Support for httpx 0.28, :pr:695 * Breaking changes: - Stop support for Python 3.8. :pr:682 - Drop py313-tests.patch, because now in upstream. - Drop httpx028.patch, because now in upstream.
Matej Cepl2025-01-25 20:55:26 +00:00
67866456e4
Accepting request 1232630 from devel:languages:python
Ana Guerrero2024-12-19 20:42:15 +00:00
b5b2619693
- Add httpx028.patch to add compatibility with new httpx
Nico Krapp2024-12-19 15:37:31 +00:00
59153e6f7b
Accepting request 1204401 from devel:languages:python
Ana Guerrero2024-09-30 13:38:23 +00:00
8ca146f2a7
- update to 1.3.2: * Prevent ever-growing session size for OAuth clients. * Revert quote client id and secret. * unquote basic auth header for authorization server.
Dirk Mueller2024-09-28 20:04:14 +00:00
cfd5b142f6
Accepting request 1179686 from devel:languages:python
Ana Guerrero2024-06-10 15:38:28 +00:00
44dca2d480
- Update to 1.3.1 (CVE-2024-37568, bsc#1226138): * Prevent OctKey to import ssh and PEM strings.
Daniel Garcia2024-06-10 11:08:18 +00:00
55a146e0c9
Accepting request 1141850 from devel:languages:python
Ana Guerrero2024-01-28 18:40:08 +00:00
5243ea9f58
Accepting request 1141500 from home:alarrosa:branches:devel:languages:python
Dirk Mueller2024-01-26 22:24:25 +00:00
6d39b8e320
Accepting request 1137639 from devel:languages:python
Ana Guerrero2024-01-09 19:49:45 +00:00
20c41d0886
- update to 1.3.0: * Restore AuthorizationServer.create_authorization_response behavior, via :PR:558 * Include leeway in validate_iat() for JWT, via :PR:565 * Fix encode_client_secret_basic, via :PR:594 * Use single key in JWK if JWS does not specify kid, via :PR:596 * Fix error when RFC9068 JWS has no scope field, via :PR:598 * Get werkzeug version using importlib, via :PR:591 * New features: * RFC9068 implementation, via :PR:586, by @azmeuk. * Breaking changes: * End support for python 3.7 - Update to version 1.2.0 * Fix Starlette OAuth client for cache store, via PR#478. - Remove unneeded BuildRequires on mock.
Dirk Mueller2024-01-08 20:58:17 +00:00
Dominique Leuenberger
Markéta Machová
Nico Krapp
Ana Guerrero
Matej Cepl
Steve Kowalik
Dirk Mueller
Daniel Garcia
Richard Brown
Tomáš Chvátal